CVE-2022-4943
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
Authorization
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
CVE-2022-4943
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
CVE-2022-4943
CVE-2022-4943 – miniOrange's Google Authenticator plugin for WordPress suffers an authorization bypass due to a missing capability check when changing plugin settings in versions
CVE-2022-4943 miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
PT-2023-15929 · Miniorange · Google Authenticator
Name of the Vulnerable Software and Affected Versions: miniOrange's Google Authenticator plugin for WordPress versions up to, and including, 5.6.5 Description: The issue is related to a missing capability check when changing plugin settings, which allows unauthenticated attackers to modify the...
tomcat: Open Redirect vulnerability in FORM authentication
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL...
Improper Authentication
WebAuthn4J is vulnerable to Improper Authentication. The vulnerability is due to the improper persistence of an incremented signature counter value by the authenticator during authentication. This can be exploited by the attacker using cloned authenticators without being detected...
CVE-2023-45669
WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...
exim: Fix of 2 CVEs
CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...
CLSA-2023-1697482739 exim: Fix of 2 CVEs
CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...
CLSA-2023-1697481196 exim: Fix of 2 CVEs
CVE-2023-42114: fix possible OOB read in SPA authenticator - CVE-2023-42116: fix possible OOB write in SPA authenticator...
CVE-2023-45669
CVE-2023-45669 affects WebAuthn4J Spring Security via the webauthn4j-spring-security-core component. The bug arises from improper persistence of an incremented signature counter returned by the authenticator, causing cloned authenticators to evade detection. Reported impact: an attacker could abu...
CVE-2023-45669 Improper signature counter value handling in webauthn4j-spring-security
WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...
CLSA-2023-1697463600 Fix CVE(s): CVE-2023-42116, CVE-2023-42114
SECURITY UPDATE: Multiple security issues - debian/patches/CVE-2023-42114.patch: fix possible OOB read in SPA authenticator - CVE-2023-42114 - debian/patches/CVE-2023-42116.patch: fix possible OOB write in SPA authenticator - CVE-2023-42116...
PT-2023-29638 · Unknown · Webauthn4J Spring Security
Name of the Vulnerable Software and Affected Versions: WebAuthn4J Spring Security versions prior to 0.9.1.RELEASE Description: A flaw was found in webauthn4j-spring-security-core, where improper signature counter value handling occurs. When an authenticator returns an incremented signature counte...
CLSA-2023-1697016628 Fix CVE(s): CVE-2023-42114, CVE-2023-42116
SECURITY UPDATE: Multiple security issues - debian/patches/CVE-2023-42114.patch: fix possible OOB read in SPA authenticator - CVE-2023-42114 - debian/patches/CVE-2023-42116.patch: fix possible OOB write in SPA authenticator - CVE-2023-42116...
matrix-server-isenguard (=0.1.1), matrix-synapse-testutils (>=1.65.0.0 <=1.93.0.0) +7 more potentially affected by CVE-2023-45129 via matrix-synapse (>=0.33.9 <=1.93.0)
matrix-synapse PYPI version =0.33.9, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-45129 Source advisory: OSV:PYSEC-2023-199...
Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for...
DEBIAN-CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...